 |
|||||
|
As of December 1, 2020, Focal Point is retired and repurposed as a reference repository. We value the wealth of knowledge that's been shared here over the years. You'll continue to have access to this treasure trove of knowledge, for search purposes only. Join the TIBCO Community
Former myibi community members should have received an email on 8/3/22 to activate their user accounts to join the community. Check your Spam folder for the email. Please get in touch with us at community@tibco.com for further assistance. Reference the community FAQ to learn more about the community. | |||||
Focal Point 
Focal Point Forums WebFOCUS/FOCUS Forum on Focal Point Bypass security check for self-service page
Focal Point Forums WebFOCUS/FOCUS Forum on Focal Point Bypass security check for self-service page Read-Only TopicGo | Search | Notify | Tools |
| Bypass security check for self-service page | Login/Join |
| Silver Member |
Our reporting server is secured, and a signon page will be poped when any self-service page is executed. However, there is a new page that we would like to allow public to see. I'm told by the help line to hard-coded a userid/pw in the html page, or fex. this method is not the best because a VIEW SOURCE will see the id/pw by the world, so he suggested me to seek help here. Do you have any idea that I can accomplish the OPENup of a html page to the world? thanks so much. Prod: WebFOCUS 7.1.1 CGI - Self Service - Report Caster,Win2000/IIS Output: HTML, Excel 2000 and PDF | ||
|
| Virtuoso |
You could use a JSP page as the action of your form. That JSP page can then forward the request to the WFServlet including the required IBIC_user IBIC_pass and IBIF_ex parms. I suggest puting the IBIF_ex in the JSP so that it can only be used to execute that one report and not be a security problem. "There is no limit to what you can achieve ... if you don’t care who gets the credit." Roger Abbott | |||
|
| Virtuoso |
Example of JSP to do this. Note: this has to be part of the web focus web application. This example assumes it is part of the root directory of the web application. bypass.jsp
<jsp:directive.page language="java" import="java.util.*" />
<jsp:scriptlet>
/**
* check to see if someone is trying to run another IBIF_ex.
* We are doing this because we cannot prevent a parameter from
* being sent to the forwarded servlet call. We want to prevent
* a user from passing their own value of IBIF_ex.
*/
String userId;
String passWord;
if (request.getParameter("IBIF_ex") == null) {
/* put good userid and password here */
userId = "good-userid";
passWord = "good-password";
} else {
/* put bad userid and password here */
userId = "bad-userid";
passWord = "bad-password";
}
</jsp:scriptlet>
<jsp:forward page="/WFServlet" >
<jsp:param name="IBIF_ex" value="carinst" />
<jsp:param name="IBIC_user" value="<%= userId %>" />
<jsp:param name="IBIC_pass" value="<%= passWord %>" />
<jsp:param name="WF_AUTOSIGNON" value="NO" />
</jsp:forward>
Url examples: /ibi_apps/bypass.jsp /ibi_apps/bypass.jsp?COUNTRY=ENGLAND "There is no limit to what you can achieve ... if you don’t care who gets the credit." Roger Abbott | |||
|
| Silver Member |
Thanks. Since I have not much jsp, java experience, I'llpass the code to another group to review. thanks agian Prod: WebFOCUS 7.1.1 CGI - Self Service - Report Caster,Win2000/IIS Output: HTML, Excel 2000 and PDF | |||
|
| Powered by Social Strata |
 | Please Wait. Your request is being processed... |
Read-Only TopicFocal Point Focal Point Forums WebFOCUS/FOCUS Forum on Focal Point Bypass security check for self-service page
Focal Point Forums WebFOCUS/FOCUS Forum on Focal Point Bypass security check for self-service pageCopyright © 1996-2020 Information Builders
| View $GS_USERNAME's Public Profile |
| Add $GS_USERNAME to my Ignore List |
| View Recent Posts by $GS_USERNAME |
| Notify me of New Posts by $GS_USERNAME |